This is how enemies hack America — according to a cyber warrior
The media’s craze surrounding possible Russian interference with the US election through hacking isn’t going away anytime soon. Though the hype is primarily political, it’s important to separate fact from fantasy.
Tangibly, the overarching processes that corporations and nation-states use to gain advantage over a competitor or adversary are quite common. It’s important to evaluate how these attacks are used in the world today. The two main vectors used to attempt to exploit our election were Spear-Phishing and Spoofing.
Spear-phishing targets select groups of people that share common traits. In the event of the Russian hack, the Russian General Staff Main Intelligence Directorate, or GRU, and affiliated non-governmental organizations (companies, organizations, or individuals loyal to Russia), sent phishing emails to members of local US governments, and the companies that developed the voting-registration systems.
Their intent was to establish a foothold on a victim’s computer, so as to perpetrate further exploitation. The end-result of that exploitation could allow manipulation and exfiltration of records, the establishment of a permanent connection to the computer, or to pivot to other internal systems.
Spoofing is an act in which one person or program successfully masquerades as another by falsifying data, thus gaining an illicit benefit. Most people understand spoofing in terms of email, whereby an attacker spoofs, or mimics, a legitimate email in order to solicit information, or deploy an exploit.
As it relates to the Russian situation, spoofing a computer’s internet protocol (IP) address, system name, and more, could have allowed a successful spear-phisher to bypass defenses and pivot to other internal systems. This kind of act is so trivial, some techniques are taught in basic hacking courses.
Ignore the Hype
What we know from reporting, as backed by unauthorized disclosures, is that defense mechanisms appear to have caught each of the spear-phishing and spoof attempts. Simply put, there is no information to suggest Russia had success.
For political reasons, politicians have worked hard to make this a major talking-point. However, these same politicos cannot speak in absolutes, because there simply wasn’t a successful breach—let alone one able to compromise the integrity of our national election.
One piece of information to note: these attacks are some of the most common seen in the cyber world. There is nothing revolutionary about these vectors, or how they are employed against government, commercial, and financial targets. This isn’t to suggest it is a moral or acceptable practice, rather the reality of life in the Information Age.
I would be remiss if I didn’t make a note about the way Hollywood (and media in general) portrays hacking in a way that is mystical and comical. The portrayals only serve to conflate an issue that is easily managed with thoughtful consideration and implementation of best-practices.
This is why we can’t have nice things.
- Not All Veterans Think Suicide is Cowardice
- In Special Operations and in Business, Success is Dependent on One Skill Alone
- Nothing Prepares You for War
- If Harvey Weinstein Had a Vagina
- The Vietnam War: A Review
- Minimalism as a Way to Address Veteran Depression
Follow @HavokJournal on Twitter .
This is how missing or captured troops get promoted
6 reasons Charleston might be America's most gung-ho military city
This is how long South Korea thinks it will take to conquer the North
This stunning video shows how well 100-year-old ammo works today
While original 1911 pistols surely still function today, turns out so does the ammo from that era.